Is it just me, or is the topic a little too vague and confusing? I mean, it’s bad enough the teaser is almost always copy/pasted from the source, but can’t there be a shred more of effort put in anymore?

It’s gratifying to see that openSUSE managed to escape the list of glaring security problems. Congrats to the dev teams, I believe their holistic approach to assessing vulnerabilities gives them a clear advantage over the distros listed in the article.

FWIW, the bug with the decoder rings in Fedora was admittedly an issue with an earlier version of openSUSE, but it was very quickly identified and nixed with a security update. It’s remarkable to see that other distros fail, even in this day and age, to take preventative measures against well-known attack vectors. Don’t even get me started on the root access vulnerability for Slackware that was mentioned in the article. How has that not been addressed yet?

I’m a little surprised not to see a link on OSNews to the incident that inspired this comic. Maybe the editors knew it would turn into a flamefest. Seriously though, it’s somewhat of a major story. I’m a Debian user myself, and I’m really horrified at the bug one of their developers introduced to their version of OpenSSL.

It’s one of those things that makes one think about distros and their relationship to upstream, about whether one’s distro choice is sound, about how easy it is to trust code, etc., etc. Seems like something that should be addressed on OSNews, even if it might be a crapstorm. Apologies if I missed it somewhere.